4.1 Understanding Server Policies

In ZENworks 7 Server Management, most policies are enforced through the distribution of policy packages. However, a few policies used by the Distributor are enforced by being associated with Novell eDirectory™ containers.

Review the following sections to understand policies in ZENworks 7 Server Management:

4.1.1 Configuration and Behavioral Management through Server Policies

The Server Policies component provides configuration and behavioral management of your servers. Server policies are divided into three packages for the convenience of scheduling policies and distributing the policies to their applicable servers:

  • Container Package: Holds the Search policy that determines how Policy and Distribution Services searches eDirectory for objects associated with policies.

  • Service Location Package: Holds policies specific to running Policy and Distribution Services.

  • Distributed Server Package: Has a generic set of policies that can be applied to all servers, as well as policy package sets for servers on specific platforms. This package provides policies that are distributed for enforcement.

Configuration policies hold information in eDirectory that creates a similar type of configuration on a server, such as enforcing selected SET parameters. Behavioral policies hold a set of rules to be followed under certain situations, such as when a server goes down.

Through server policies you can automate the management of your servers, and through ConsoleOne® and the ZENworks Server Management role in Novell iManager you can configure policies and manage your servers from a single workstation.

4.1.2 Server Policies and Policy Packages

Server policies provide you with the ability to set, standardize, and automate configuration parameters on any given set of servers. You can control the behavior of servers in given situations, such as when downing a server.

The following sections

Creating Policies

To use server policies, you must first create the appropriate Policy Package objects in ConsoleOne, configure the policies that your server needs, enable them, and distribute the package to the applicable Subscriber servers where the package’s policies are to be enforced.

Scheduling Policies

When you set up server policies, you can individually schedule them to run daily, weekly, monthly, yearly, by an event, at a specific date and time, relative to a date and time, by an interval of time, or even immediately. The default schedule for the individual policies is the default for the policy package’s schedule. Therefore, when you change the package’s default schedule, any policy in the package that doesn’t have a schedule specified then uses the package’s new schedule.

All Enabled Policies Are Enforced

You can implement (enable) any or all of the Policy and Distribution Services policies in a policy package. You can also create a Policy Package object for each different configuration set that you need. For example, you might want some of your servers to be brought down differently, so they would use different policy packages.

All policies enabled in a package are enforced on any servers where the Policy Package Distribution has been received and extracted. In other words, you cannot selectively enforce certain policies in a package. All policies in the package that are enabled are enforced on the server.

Individual Policy Changes Are Not Tied to the Policy Package

Because each policy in a policy package has its own (hidden) object in eDirectory, any changes you make to a policy that are saved when you exit the policy’s dialog box (by clicking either OK or clicking Apply then Close), are not undone if you then click Cancel on the policy package’s dialog box.

Therefore, clicking Cancel on the properties page for the policy package applies only to the changes you might have made for the package, such as enabling or disabling a policy, or adding or removing added policies.

Disabling a policy does not undo any configurations you made previously in the policy. The policy’s configuration changes remain, but are not used because the policy is disabled.

4.1.3 Policy Characteristics

There are two different aspects of policies that determine how you use them:

Plural and Cumulative Policies

Policy packages can contain both plural and cumulative policies. All plural policies are also cumulative, but cumulative policies are not necessarily plural. For more detail, review:

Plural Policies

Plural policies are those where there can be more than one per policy package per platform.

For example, in the same policy package, you can add and configure a Scheduled Down policy and name it “Scheduled Down for Time A.” Then you could add and configure another Scheduled Down policy, this time naming it “Scheduled Down for Time B.”

You can tell if a policy is plural by viewing the Policies tab and clicking Add, because all plural policies are listed in the Add dialog box.

Cumulative Policies

Cumulative policies are those that allow multiples of the same policy to be in effect when multiple policy packages are distributed to a server. For example, a Text File Changes policy distributed to Server A could be accumulated with a differently configured Text File Changes policy distributed to Server A. All of the text file changes from both policies would be effective for Server A.

Configuration and Behavioral Policies

A single configuration policy can affect the configuration of a single server or many servers. For example, you can schedule a policy to run at regular intervals to ensure that the server’s configuration continues to be set correctly.

Behavioral policies hold a set of rules to be followed in certain situations. The policy engine carries out these rules, along with any of its supporting modules.

For example, the Server Down Process policy defines criteria that must be met before you bring the server down, such as:

  • How soon before the server is brought down should users be notified

  • Who is notified when the policy is being enforced

  • Which peer server is to send SNMP alerts if the server does not come back up

IMPORTANT: For Linux and Windows servers, any downing command entered locally on those servers cannot be intercepted by the Server Down Process policy. NetWare servers use APIs that enable the policy to intercept the action. For the Server Down Process policy to work for the Linux and Windows server platforms, they must be downed using iManager where the action can be detected by the policy.

Behavioral policies are designed to make servers act more intelligently, to handle situations an administrator might not even be aware of, and to reduce complexity for administrators.

In summary, the benefits of configuration and behavioral policies include:

  • Automating tasks that an administrator would normally perform

  • Notifying specified users through e‑mail messages that a server is going down

  • Allowing a server down process to abort on certain conditions

4.1.4 Server Policies Architecture

To understand how server policies are used to manage your servers, you must understand its eDirectory objects and its agent:

eDirectory Schema Extensions for Server Policies

The eDirectory schema extensions included in the Server Policies component define the class of eDirectory objects that are created in your eDirectory tree, including which information is required or optional at the time the object is created. Every object associated with the Server Policies component in an eDirectory tree has a class defined for it in the tree’s schema.

Server Management objects for the eDirectory schema are:

  • Container Package
  • Server Package
  • Service Location Package
  • Distributed Server Package
  • ZENworks Database

Note the following concerning policy enforcement:

  • All of the policies in the Distributed Server Package must be distributed to be enforced

  • All of the policies in the Container Package, Server Package, and Service Location Package must be associated to be enforced

Existing eDirectory classes that are modified with the addition of Server Management attributes are:

  • Country
  • Group
  • Locality
  • Organization
  • Organizational Unit
  • Server

The following sections summarize the primary eDirectory objects that are added to eDirectory from the schema extensions provided with the Server Policies component:

For basic information about the types of objects in an eDirectory tree, see the Novell NetWare Documentation Web site and select Procedures > Planning > Directory Services > eDirectory Planning.

Container Package Object

The Container Package object is an eDirectory object that manages the Search policy object. This policy is used by the Distributor and Subscriber objects for all versions of Server Management, and must be associated to be enforced.

Server Package Object

The Server Package object is an eDirectory object that manages the following policy objects for ZENworks Server Inventory:

  • Rollup Policy
  • zeninvDictionaryUpdatePolicy
  • ZENworks Database

All policies in this package must be associated to be enforced.

Policy and Distribution Services does not use this package.

Service Location Package Object

The Service Location Package object is an eDirectory container object that manages the following policy objects:

  • SMTP Host
  • SNMP Trap Targets
  • Tiered Electronic Distribution
  • ZENworks Database

Service Location Package policies provide general Policy and Distribution Services configuration and location information.

All policies in this package must be associated to be enforced.

All policies are used by ZENworks 7 Server Management Distributors and Subscribers.

Distributed Server Package

The Distributed Server Package object is an eDirectory object that manages the following policy objects (ZENworks 7 Server Management only):

  • Copy Files
  • NetWare Set Parameters
  • Prohibited File
  • Scheduled Down
  • Scheduled Load/Unload
  • Server Down Process
  • Server Scripts
  • SMTP Host
  • SNMP Community Strings
  • SNMP Trap Targets
  • Text File Changes
  • ZENworks Database
  • ZENworks Server Management

Distributed Server Package policies are used for configuring servers, controlling server behavior, and providing general Server Management configuration and location information.

All policies in this package must be distributed to be enforced.

ZENworks Database Object

Provides the location of the zfslog.db file for logging reporting information. You can install the database file on only NetWare® and Windows servers.

The ZENworks Database object can exist multiple times in a tree, each with its own associated database file; however, there can only be one database file installed per server.

The Server Policies component writes policy information to the Server Management database file (zfslog.db). Because every server in your network can be running the Policy/Package Agent, they can each write to the database, even across WAN links. If you do not need consolidated server policies reports on all servers, you can install a database to each WAN segment.

If you require consolidated server policies reports, you can have just one zfslog.db file where all servers running the Policy/Package Agent can log information. The amount of data a Policy/Package Agent writes to the database might not create excessive WAN traffic, depending on the number of servers and speeds of the WAN links.

Because you can install the Server Management database to multiple servers, to minimize WAN traffic you should coordinate the placement of Policy Package and ZENworks Database objects in containers on the WAN segments.

Policy/Package Agent

Policy and Distribution Services allows you to manage your network servers using the Policy/Package Agent. This agent is installed on each server where you select the Subscriber/Policies installation option.

The Policy/Package Agent does the following:

  • Extracts (installs) a software package’s contents.

  • Extracts the policy information from a Policy Package Distribution.

  • Enforces the enabled policies from the extracted policy information based on their enforcement schedules.

There are a number of server policies that provide configuration and behavioral management of your servers. The Policy/Package Agent must be running on each server you want to manage with policies or have software packages to extract and install.

You should install the Policy/Package Agent to every server in your network. Exceptions might be servers where you do not need to distribute software packages, or servers that you do not want to manage using policies.

4.1.5 Enforcing Policies

Most ZENworks 7 Server Management policies are enforced by creating the policy package, enabling and configuring the policy, scheduling the package, distributing the package, and extracting the policies on servers.

Some ZENworks 7 Server Management policies are enforced by creating the policy package, enabling and configuring the policy, scheduling the package, and associating the package with the containers where the Distributor or Subscriber objects reside.

For more information, review the following:

Scheduling Policies

Some server policies must be scheduled before they can be enforced.

The following schedules are available:

  • Activate by the Default Package Schedule (which you can set to any of the schedules)

  • Activate on a specified event (such as running at system startup or shutdown)

  • Activate once relative to a period of time

  • Activate at a specified date and time

  • Activate once per year at a specified time

  • Activate once each month at a specified time

  • Activate on one or more days of the week at specified times

  • Activate on one or more days of the week, repeating at a specified interval of time

  • Continuously repeat at a specified interval of time

  • Run immediately

  • Run immediately, repeating at a specified interval of time

IMPORTANT: If you enable a policy, but do not schedule it, it activates according to the schedule currently specified in the Default Package Schedule.

The Default Package Schedule provides a default for unscheduled policies in the policy package. The default schedule is the Run At System Startup event.

Distributing Policies

After you have enabled and configured a policy contained in the Distributed Server Package, you must distribute its policy package to the Subscriber servers where the enabled policies are placed into effect. In other words, configuring and enabling a policy only sets up the policy. It is enforced through its distribution to and extraction on the applicable servers that are running Policy and Distribution Services.
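The enforcement rules described above for distributed packages (every enabled policy in an extracted package is enforced, an unscheduled policy falls back to the Default Package Schedule, and cumulative policy types accumulate across packages) can be modelled for audit purposes. This is an added example, not ZENworks code or an API of the product: the `Policy` and `Package` classes, the schedule labels, and the sample packages are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Policy types that Table 4-4 of this guide marks as Cumulative.
CUMULATIVE_TYPES = {
    "Copy Files", "NetWare Set Parameters", "Prohibited File", "Scheduled Down",
    "Scheduled Load/Unload", "Server Scripts", "Text File Changes",
}

@dataclass
class Policy:                       # hypothetical model, not a ZENworks object
    ptype: str                      # policy type, e.g. "Text File Changes"
    name: str                       # administrator-chosen policy name
    enabled: bool = True
    schedule: Optional[str] = None  # None: no schedule set on the policy itself

@dataclass
class Package:                      # hypothetical model of a Distributed Server Package
    name: str
    policies: List[Policy]
    default_schedule: str = "Run At System Startup"  # default per this guide

def effective_policies(extracted: List[Package]) -> Tuple[list, list]:
    """Return (enforced, review) for one server.

    enforced: (package, type, policy name, effective schedule) for every
              enabled policy in every extracted package.
    review:   non-cumulative policy types enabled in more than one package;
              the guide does not say how these combine, so flag them.
    """
    enforced, packages_by_type = [], {}
    for pkg in extracted:
        for pol in pkg.policies:
            if not pol.enabled:     # disabled: configuration kept, not used
                continue
            schedule = pol.schedule or pkg.default_schedule
            enforced.append((pkg.name, pol.ptype, pol.name, schedule))
            packages_by_type.setdefault(pol.ptype, set()).add(pkg.name)
    review = sorted(t for t, pkgs in packages_by_type.items()
                    if len(pkgs) > 1 and t not in CUMULATIVE_TYPES)
    return enforced, review

# Constructed sample: two packages extracted on the same Subscriber server.
SAMPLE = [
    Package("Baseline", [
        Policy("Text File Changes", "Harden hosts file"),
        Policy("Prohibited File", "No media files", enabled=False, schedule="Daily 01:00"),
        Policy("SMTP Host", "Relay A"),
    ]),
    Package("Maintenance", [
        Policy("Text File Changes", "Add login banner"),
        Policy("Scheduled Down", "Scheduled Down for Time A", schedule="Monthly, day 1, 03:00"),
        Policy("Scheduled Down", "Scheduled Down for Time B"),
        Policy("SMTP Host", "Relay B"),
    ], default_schedule="Weekly, Sunday 02:00"),
]

if __name__ == "__main__":
    enforced, review = effective_policies(SAMPLE)
    for row in enforced:
        print(" | ".join(row))
    print("Review (non-cumulative type in several packages):", review)
```

In the sample, both Text File Changes policies are enforced together, while SMTP Host is flagged because it is not a cumulative type and is enabled in both packages.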

Associating Policies

After you have enabled and configured a policy contained in the Service Location Package, you must associate its policy package with the containers where Distributor or Subscriber objects reside so that the enabled policies are placed into effect. This association can be directly with a container where the Distributor or Subscriber objects reside, or with a container higher in the tree than the container that holds these objects.

Because configuring and enabling a policy only sets up the policy, it is enforced through its association with the applicable servers that are running Policy and Distribution Services.

4.1.6 Server Policy Descriptions

The tables in the following sections list the server policies by policy package. The second column indicates whether a policy is a configuration or behavioral policy, and whether it is cumulative, plural, or both.

Container Package

Table 4-1 Container Package Policy

| Policy Name | Policy Type Keys | Policy Function |
|---|---|---|
| Search | Behavioral | If you don’t set a Search policy, the default is to search from the parent container to the root every hour. This can create unnecessary search traffic. Therefore, we recommend that you make effective use of the Search policy. This Search policy can only be administered in ConsoleOne. A Search policy created in NetWare Administrator for ZENworks is not recognized in Server Management. Because most policies in Server Management are distributed rather than associated for enforcement and a Distributor does not receive Distributions, the Search policy is used in Server Management to enable the Distributor Agent to locate and use policies in the Service Location Package. For example, the Distributor Agent can use the package’s ZENworks Database policy to write reporting information to the ZENworks Server Management Database file. Also, Distributors read the Service Location Package policies for their Subscribers. That means Subscribers receive their Service Location Package policies through associations, as well. |

Service Location Package

Table 4-2 Service Location Package Policies

| Policy Name | Policy Type Keys | Policy Function |
|---|---|---|
| SMTP Host | Configuration | Sets the TCP/IP address of the relay host that processes outbound Internet e‑mail. This policy must be enabled if you select the E‑Mail option for notifying or logging messages in any of the other policies. |
| SNMP Trap Targets | Configuration | Sets SNMP trap targets for associated eDirectory objects. In ZENworks 7 Server Management, you can schedule this policy for when you want it to be refreshed. IPX™ addresses are not supported for SNMP trap targets. You can only use IP addresses and DNS names. |
| Tiered Electronic Distribution | Configuration | Sets defaults for the Distributor and Subscriber objects, including: I/O rates; Maximum concurrent Distributions; Connection time‑out in minutes; Working directory; Parent Subscriber; Messaging levels for a server’s console, SNMP traps, log files, and e‑mail notification; Extraction Schedule; Refresh Schedule; Variables. Any defaults set here override unchanged defaults in a Tiered Electronic Distribution object. However, if a Tiered Electronic Distribution object’s properties are modified, those modifications have precedence over any defaults set in the Tiered Electronic Distribution policy. |
| ZENworks Database | Configuration | Sets the DN for locating the ZENworks Database object and the database file. The database is used for logging successes and failures that are used in creating reports. This policy can be created to override the database settings that might have been established during installation of Policy and Distribution Services. The Policy/Package Agent and the Distributor Agent both write to zfslog.db. For information on having these agents write to different database files, see Section 10.1.9, Coexisting Databases. |

Server Package

The Server Package exists in ZENworks 7 Server Management only for use by Server Inventory. The ZENworks Database policy contained in this package is automatically created by the installation program when Server Inventory is installed to enable automatic location of the database for logging inventory data.

Policy and Distribution Services does not use this package.

Although other policies exist in this package, Table 4-3 only lists the ZENworks Database policy.

Table 4-3 Server Package Policy

| Policy Name | Policy Type Keys | Policy Function |
|---|---|---|
| ZENworks Database | Configuration | Sets the DN for locating the ZENworks Database object. This policy must be in effect for Server Inventory to locate a database for logging inventory data. |

Distributed Server Package

This package contains the policies that must be distributed to Server Management servers to be enforced on them.

Table 4-4 Distributed Server Package Policies

| Policy Name | Policy Type Keys | Policy Function |
|---|---|---|
| Copy Files | Plural, Cumulative, Configuration | Enables copying of files on a server from one location to another by using policy configurations. |
| NetWare Set Parameters | Plural, Cumulative, Configuration | Specifies and optimizes selected Set Parameters for a server or group of servers. For the NetWare platform only. |
| Prohibited File | Plural, Cumulative, Configuration | Monitors and enforces the deletion or moving of unauthorized files from a specified volume/drive or directory/folder. |
| Scheduled Down | Plural, Cumulative, Configuration, Behavioral | Schedules when a server should go down, and whether it should be automatically brought back up. The policy includes which command to use in bringing it down (RESET, RESTART, or DOWN). |
| Scheduled Load/Unload | Plural, Cumulative, Configuration | For automating the loading and unloading order of NLM™ and Java Class processes for the selected servers, and for starting and stopping Windows services. NLM files that require user input to unload cannot be automated. |
| Server Down Process | Behavioral | For controlling which processes to follow and which conditions to meet before downing a server. |
| Server Scripts | Plural, Cumulative, Configuration | For automating script usage on your servers. |
| SMTP Host | Configuration | Sets the TCP/IP address of the relay host that processes outbound Internet e‑mail. This policy must be enabled if you select the E‑Mail option for notifying or logging messages in any of the other policies. |
| SNMP Community Strings | Configuration | Allows you to receive and respond to SNMP requests. |
| SNMP Trap Targets | Configuration | Sets SNMP trap targets for associated eDirectory objects. You can schedule this policy for when you want it to be refreshed. IPX addresses are not supported for SNMP trap targets. You can only use IP addresses and DNS names. |
| Text File Changes | Plural, Cumulative, Configuration | For automating changes to text files. |
| ZENworks Database | Configuration | Sets the DN for locating the ZENworks Database object and the database file. The database is used for logging successes and failures that are used in creating reports. This policy can be created to override the database settings that might have been established during installation of Policy and Distribution Services. The Policy/Package Agent and the Distributor Agent both write to zfslog.db. For information on having these agents write to different database files, see Section 10.1.9, Coexisting Databases. |
| ZENworks Server Management | Configuration | Basic configuration parameters for Policy and Distribution Services, such as status logging, defining the server console prompt for the Policy/Package Agent, setting its working path, and setting a database purging limit. You can enable this policy on each server where you want to enforce server policies. However, if you do not enable the policy, Policy and Distribution Services works from pre-programmed defaults. |